Multi-profile mobile device interface for same user

ABSTRACT

A multi-environment computer device configured for providing a work environment type and a personal environment type via a user interface for a device user, each of the environments having the same persona, the device having: a computer processor coupled to a memory, wherein the computer processor is programmed to coordinate interaction between the device user and the pair of environments presented on the user interface by: configuring the user interface to present the personal environment for facilitating interaction between the device user and personal applications associated with the personal environment, the personal environment having an assigned user name of said persona and a personal password, the personal environment presented using a set of unique personal environment user interface design elements for distinguishing the personal environment from the work environment via the user interface; and responding to a switch environment command generated by a switch mechanism invoked by the device user via the user interface to replace the personal environment with the work environment on the user interface.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation under 35 U.S.C. §120 of U.S. patentapplication Ser. No. 13/896,543, filed May 17, 2013, the contents ofwhich are incorporated herein by reference in their entirety.

BACKGROUND OF THE INVENTION

Bring-your-own-device (BYOD) trends are accelerating in today'severything-mobile environment. One disadvantage for today's users isthat they have to carry multiple devices to stay connected to everyaspect of their lives. The advent of consumerization has led employeesto demand a greater say in the devices, applications and carriers theyuse at work. They either tend to regard company-issued mobile phones astheir own, or they are looking to bring personal devices into theworkplace to help them manage their day—but few are prepared to juggletwo separate handsets nowadays. IT departments are struggling to reactto the pace of change that these new types of hardware and operatingsystems pose in the enterprise environment. Data security is aparticular concern as currently devices are used interchangeably forprivate and professional purposes, without proper restrictions placed ondata access both on and off the device. At the moment, the frontierbetween personal and business devices is blurred, while smart phones areincreasingly used for work purposes.

More specifically, a growing number of employees are already using theirown phones for work-related activities. According to Forrester, 60% ofcompanies now allow their employees to use personal smart phones andtablets at work a trend known as BYOD—“Bring Your Own Device.” However,using the same device for work and private purposes may be problematic.For instance, using your business phone to store your personal contactsmeans that these may end up in the company's backup base, raisingprivacy concerns. Further, having company data on a personal deviceraises the likelihood that dissemination of the company data outside ofcompany communication channels may occur.

Current interest is now in dual profile enabled mobile devices.Companies can benefit from cost savings of a “bring your own device”(BYOD) policy and data security, and employees can enjoy a greaterdegree of freedom over the choice of mobile device for work use withoutcompromising personal data privacy or restricting usage. However,current state of the art makes these dual profile enabled mobile devicescumbersome to use and operate effectively, both from a user interfaceperspective as well as from a device configuration perspective,including the requirement to have multiple personas for securityreasons.

SUMMARY

It is an object of the present invention is to provide amulti-environment device and method to obviate or mitigate at least oneof the above-presented disadvantages.

Using the same device for work and private purposes may be problematic.For instance, using your business phone to store your personal contactsmeans that these may end up in the company's backup base, raisingprivacy concerns. Further, having company data on a personal deviceraises the likelihood that dissemination of the company data outside ofcompany communication channels may occur. Current state of the art makesthese dual profile or dual persona enabled mobile devices cumbersome touse and operate effectively, both from a user interface perspective aswell as from a device configuration perspective. Desired are dualpersona enabled devices that provide a hermetic frontier between the twowork and personal profiles, while allowing users to switch very easilybetween the profiles. Also desired is the ability to receive both workand personal notifications within both profiles.

According to a first aspect is provided a multi-environment computerdevice configured for providing a work environment type and a personalenvironment type via a user interface for a device user, each of theenvironments having the same persona, the device having: a computerprocessor coupled to a memory, wherein the computer processor isprogrammed to coordinate interaction between the device user and thepair of environments presented on the user interface by: configuring theuser interface to present the personal environment for facilitatinginteraction between the device user and personal applications associatedwith the personal environment, the personal environment having anassigned user name of said persona and a personal password, the personalenvironment presented using a set of unique personal environment userinterface design elements for distinguishing the personal environmentfrom the work environment via the user interface; and responding to aswitch environment command generated by a switch mechanism invoked bythe device user via the user interface to replace the personalenvironment with the work environment on the user interface by:presenting an intermediate login interface on the user interface;authorizing login to the work environment based on the assigned username of said persona and an accepted work password entered by the deviceuser, the work password different from the personal password; andconfiguring the user interface to present the work environment forfacilitating interaction between the device user and work applicationsassociated with the work environment, the work environment having theassigned user name of said persona and the work password, the workenvironment presented using a set of unique work environment userinterface design elements for distinguishing the work environment fromthe personal environment via the user interface.

Further, coordination of interaction between the device user and thepair of environments presented on the user interface is provided bypresenting a notification menu on the user interface for containing workenvironment notification type and personal environment notificationtype, such that a notification presented in the notification menu isconfigured by a notification manager to withhold presentation ofnotification content of the notification if the environment notificationtype does not match the environment type.

A further aspect provided is a method for providing multi-environmentson a computer device including a work environment type and a personalenvironment type, each of the environments having the same persona, themethod comprising a set of stored instructions for execution by acompute processor for: configuring a user interface of the computerdevice to present the personal environment for facilitating interactionbetween the device user and personal applications associated with thepersonal environment, the personal environment having an assigned username of said persona and a personal password, the personal environmentpresented using a set of unique personal environment user interfacedesign elements for distinguishing the personal environment from thework environment via the user interface; and responding to a switchenvironment command generated by a switch mechanism invoked by thedevice user via the user interface to replace the personal environmentwith the work environment on the user interface by: presenting anintermediate login interface on the user interface; authorizing login tothe work environment based on the assigned user name of said persona andan accepted work password entered by the device user, the work passworddifferent from the personal password; and configuring the user interfaceto present the work environment for facilitating interaction between thedevice user and work applications associated with the work environment,the work environment having the assigned user name of said persona andthe work password, the work environment presented using a set of uniquework environment user interface design elements for distinguishing thework environment from the personal environment via the user interface.

BRIEF DESCRIPTION OF THE DRAWINGS

Exemplary embodiments of the invention will now be described inconjunction with the following drawings, by way of example only, inwhich:

FIG. 1 is a block diagram of a dual persona for multiple environments ofmobile device;

FIG. 2 is a block diagram showing an example configuration of a userinterface of the device of FIG. 1;

FIGS. 3 a, b, c, d, e, f, g, h, i show alternative embodiments of a useraccess interface is an example interface of the scheduling coordinationservice of the user interface of the device of FIG. 2;

FIG. 4 shows a block diagram of optionally using a login interfacebetween the user access interface and a selected environments of thedevice of FIG. 1;

FIGS. 5 a, b, c provide alternative embodiments of the login interfaceof FIG. 4;

FIG. 6 is an example screen of a play environment of the device of FIG.1;

FIG. 7 is an example screen of a work environment of the device of FIG.1;

FIG. 8 is an alternative embodiment of an environment switch mechanismfor the device of FIG. 1;

FIG. 9 is a block diagram of a configuration module of the device ofFIG. 1;

FIG. 10 is an example interface of the configuration module of thedevice of FIG. 9;

FIG. 11 is an alternative embodiment of the switch mechanism of FIG. 8;and

FIG. 12 shows an example configuration of a device of the system of FIG.1.

DETAILED DESCRIPTION OF CERTAIN INVENTIVE EMBODIMENTS Environments ofDevice 10

The claimed invention can be implemented in numerous ways, including asa process; an apparatus; a system; a composition of matter; a computerprogram product embodied on a computer readable storage medium; and/or aprocessor, such as a processor configured to execute instructions storedon and/or provided by a memory coupled to the processor. In thisspecification, these implementations, or any other form that theinvention may take, may be referred to as techniques. In general, theorder of the steps of disclosed processes may be altered within thescope of the claimed invention. Unless stated otherwise, a componentsuch as a processor or a memory described as being configured to performa task may be implemented as a general component that is temporarilyconfigured to perform the task at a given time or a specific componentthat is manufactured to perform the task. As used herein, the term‘processor’ refers to one or more devices, circuits, and/or processingcores configured to process data, such as computer program instructions.

A detailed description of one or more embodiments of the claimedinvention is provided below along with accompanying figures thatillustrate the principles of the invention. The claimed invention isdescribed in connection with such embodiments, but the claimed inventionis not limited to any embodiment. The scope of the claimed invention islimited only by the claims and the claimed invention encompassesnumerous alternatives, modifications and equivalents. Numerous specificdetails are set forth in the following description in order to provide athorough understanding of the claimed invention. These details areprovided for the purpose of example and the invention may be practicedaccording to the claims without some or all of these specific details.For the purpose of clarity, technical material that is known in thetechnical fields related to the claimed invention has not been describedin detail so that the claimed invention is not unnecessarily obscured.

In practical terms, a dual persona of dual profile mobile device 10(e.g. smart phone) creates two interfaces on the device 10, —a corporateone, controlled by the employer or enterprise of the device user, and aprivate one which is independent from the corporate one and typicallycannot be accessed by the corporate enterprise. The real world is thatindividual device 10 end users have multiple relationships, butprimarily their job/work relationship and their personal relationships.So, the concept of having two separate sets of usage controls within asingle mobile device, better known as “dual persona,” is advantageous,providing capabilities that employees (e.g. device 10 users) want to usefor personal and work related purposes. As discussed further below, eachof the separate environments 12, 14 (e.g., profiles) configured on thedevice 10 could have the same user name, thereby facilitating only theuse of a password for login from one of the environments 12, 14 toanother of the environments 12, 14 when the user switches betweenenvironments 12, 14 as displayed/configured on a user interface (e.g.touch screen) of the device 10. As further described below, switchingbetween environments 12, 14 can be facilitated via use of a predefinedgesture inputted to the user interface of the device 10 by the deviceuser.

Referring to FIG. 1, a dual persona mobile device 10 is segregated forcombined personal and work use by providing a pair of environments as asecure work application environment 12 and a personal applicationenvironment 14 provisioned on the device 10, while at the same timeproviding for access to either environment 12, 14 via a user interface104 (see FIG. 2) of the device 10, using an example environment initialaccess or switch visual interface 100 of dual display portions 200,202on the user interface 104, as further described below. The separateapplication environments 12, 14 can have limited communication 16directly with one another (e.g. for notification purposes) and/or canhave indirect communication 18 with one another through an intermediatedevice manager 20. These limited communications 16, 18 can be for thepurposes of notifications, as further described below. As such, theexchange of sensitive work data 22 and sensitive personal data 24 can beinhibited between the two discrete profiles provided by the environments12, 14, thereby helping to provide safeguarding for both corporate workinformation privacy and the device 10 user's personal informationprivacy. A work profile manager 26 and a personal profile manager 28 canbe used to manage the individual respective environments 12, 14, and assuch can be in communication 16 with one another, in communication 18with the intermediate device manager 20, and/or in communication withcommon device platform 30 of hardware components andcapabilities/software configuration (e.g. camera, network interface 99(see FIG. 11), graphical user interface GUI, etc. device sensors, GPS,etc.). The user interface 104 is a component of the common deviceplatform 30, which is available for use by either environment 12, 14,including memory 32.

In summary, the multi-environment computer device 10 can be configuredfor providing the work environment 12 type and the personal environment14 type via the user interface 104 for interaction with a device user,such that each of the environments 12, 14 has the same persona. Thedevice user interface 104 can be configured by: configuring to presentthe personal environment 14 for facilitating interaction between thedevice user and personal applications associated with the personalenvironment 14, the personal environment 14 having an assigned user nameof the persona and a personal password, the personal environment 14presented using a set of unique personal environment user interfacedesign elements for distinguishing the personal environment 14 from thework environment 12 via the user interface 104.

Upon desire of switching environments 12, 14, this can be accomplishedby the computer device 10 configured to respond to a switch environmentcommand generated by a switch mechanism invoked by the device user viathe user interface 104 to replace the personal environment 14 with thework environment 12 on the user interface 104 by: presenting anintermediate login interface on the user interface 104; authorizinglogin to the work environment 12 based on the assigned user name of thepersona and an accepted work password entered by the device user, thework password different from the personal password; and configuring theuser interface 104 to present the work environment 12 for facilitatinginteraction between the device user and work applications associatedwith the work environment 12, the work environment 12 having theassigned user name of the persona and the work password, the workenvironment 12 presented using a set of unique work environment userinterface design elements for distinguishing the work environment 12from the personal environment 14 via the user interface 104.

Alternatively, in the case where the user interface 104 is configuredinitially as the work environment 12, the multi-environment computerdevice 10 can be configured for providing the personal environment 14type via the user interface 104 for interaction with a device user, suchthat each of the environments 12, 14 has the same persona. The deviceuser interface 104 can be configured by: configuring the computer device10 to respond to a switch environment command generated by a switchmechanism invoked by the device user via the user interface 104 toreplace the work environment 12 with the personal environment 14 on theuser interface 104 by: presenting an optional intermediate logininterface on the user interface 104; authorizing login to the personalenvironment 14 based on the assigned user name of the persona and anaccepted work password (e.g. null or default password) entered by thedevice user, the personal password different from the work password; andconfiguring the user interface 104 to present the personal environment14 for facilitating interaction between the device user and personalapplications associated with the personal environment 14, the personalenvironment 14 having the assigned user name of the persona and thepersonal password (e.g. null), the personal environment 14 presentedusing a set of unique personal environment user interface designelements for distinguishing the personal environment 14 from the workenvironment 12 via the user interface 104.

As further discussed below in greater detail, using numerous differentswitch mechanism embodiments, the switch mechanism can be implemented onthe computer device 10 using interaction by the device user with apredefined graphical element displayed on a display of the userinterface 104. The interaction with the predefined graphical element canbe configured via one or more of the managers to generate a switchenvironment command based on the predefined gesture. For example, thepredefined gesture can be a finger based gesture associated with thepredefined graphical element.

As further discussed below, the environments 12, 14 can be more thanjust a pair of environments (e.g. one work and one play). For example,the environments could include multiple different work environments 12and/or multiple different play environments 14. One example of this isthe device 10 configured to have one play environment 14 and multipledifferent work environments 12, such that each different workenvironment 12 could be configured with a different respective userpassword used by the device user for selected work environment 12 login.As discussed above, each of the multiple environments 12, 14 could beassigned the same user name as part of the login feature, thus providingfor user login with the same user name but with different passwordsassociated with each of the different environments 12, 14. It isrecognized that certain environments 12, 14 (e.g. play environment)could have a default password as a null or no password requirement.Examples of password types can include alpha-numeric strings, biometricdata (e.g. fingerprint, retina scan, facial recognition), and/or uniquegesture based passwords (e.g. tracing of predefined patterns on the userinterface). Other password types can be what is referred to as an airgesture, whereby the user provides a predetermined motion or gesture(e.g. hand swipe), without touching the screen of the user interface104, which is captured by the camera or other imager of the device 10and then recognized by the manager(s) as a predefined password commandor instruction to initiate the switch of environments 12, 14. As such,the individual password types can be used alone or in combination toprovide for the requisite password used to switch from one environment12, 14 to another environment 12, 14.

Referring to FIGS. 1 and 2, the user interface 104 provides forimplementation via the managers 20, 26, 28 of displaying dedicated Workand Personal/Play environments or zones 12, 14 on the device 10. TheWork and Personal/Play environments or zones 12, 14 can be configured astwo or more distinctly separate zones/containers on the device 10, whichprovide individual security of data access/storage and network 27communication when the device user interface 104 is configured as adevice for work or as a device for play/personal. Communication messages17 over the network 27 can be directed between the device 10 whenoperating in the work environment 12 to work related remote computerdevices 36 and can be directed between the device 10 when operating inthe personal environment 14 to personal related remote computer devices37.

User Interface 104

The environments 12, 14 (also referred to as zones or profilesinterchangeably) each have distinctive design elements (e.g. visualelements) displayed on the user interface 104 that are visuallydifferent and graphically unique and appealing to the device 10 user, sothat the design elements (e.g. visual elements) are recognizable andassociated by the user as either representing a particular environment12, 14 (e.g. the work environment 12 or the personal environment 14) butnot both at the same time. It is recognized that in the case of multiplework environments 12 (in addition to one or more play environments 14),each environment 12, 14 of the environment set can have distinctivedesign elements (e.g. visual elements) displayed on the user interface104 that are visually different and graphically unique and appealing tothe device 10 user, so that the design elements (e.g. visual elements)are recognizable and associated by the user as either representing aparticular environment 12, 14 of the environment set.

For example, but not limited to, “Work” design elements (e.g. visualelements) of the work environment 12 on the user interface 104 can berepresented using a common work visual theme of a metallic/darkcolor/conservative look & feel, (e.g. resembling like a bank vault orother corporate look), using defense grade NSA/CIA/Dept of Defense dataand communication protection, passwords and encryption technology.“Play” or personal of the personal environment 14 on the user interface104 can be represented using a common work visual theme of avivid/bright color/modern look for & feel for “Play” (e.g. like alifestyle companion, with simple & easy to use scrollable widgets,larger graphical buttons/font and configured application short cuts).

It is also recognized that audio aspects of the user interface 104 canbe configured for distinctive recognition as representing either thework environment 12 or the personal environment 14. The environments 12,14 can each have distinctive design elements (e.g. audio elements)generated by the user interface 104 that are audibly different andunique and appealing to the device 10 user, so that the design elements(e.g. audio elements) are recognizable and associated by the user aseither representing the different work environment 12 and/or personalenvironment 14 but not two or more environments 12, 14 at the same time.Examples of the audio elements can include sounds such as but notlimited to: individual ring tones recognized as either for work or forplay; keystroke sounds configured to be recognized as either for work orfor play; and/or application sounds associated with certain applicationfunctions (e.g. open/close screens, error tones, etc.) configured to berecognized as either for work or for play respective environment typespresent in the multi-environment set (i.e. two or more predefinedenvironments 12, 14).

As further discussed below in relation to FIG. 2, the ability of thedevice 10 user to effortlessly access (e.g. initially or when switchingbetween environments 12, 14) either the work environment 12 or thepersonal environment 14, as well as to retain a contextual understanding(i.e. current user perception) of which environment 12, 14 the user iscurrently operating within, is important. The device 10 of FIG. 2 has auser interface 104 (e.g. including a display screen 105 such as a touchscreen and/or mechanical input devices 107—e.g. buttons, knobs, etc. andoptional speaker 109), which is the space/mechanism where interactionbetween the user and the device 10 occurs. The goal of interactionbetween the user and the device 10 at the user interface 104 iseffective operation and control of the device 10 (and/or application 40,60 functionality provided by the device 10) and feedback from the device10 which aids the user in making operational and/or applicationdecisions. In order to provide for the access and maintaining context ofthe current environment 12, 14 in use by the user, the display screen105 is configured to display both a dedicated work environment displayportion 200 (e.g. icon) and a personal environment display portion 202(e.g. icon) It is recognized that each of the dedicated display portions200, 202 can be distinguished by the user as representing one of theenvironments 12, 14 but not more than one of the environments in themulti-environment set.

One example format of the display portion 200,202 is an icon thatuniquely represents its respective environment 12, 14 due to a visualfeature (e.g. shape, shade, pattern and/or color) that is different fromthe visual feature of the icon representing another environment 12, 14(e.g. use of first icons for one environment 12, 14 and second icons foranother environment 12, 14, such that the first and second icons areunique with respect to one another). Another example format of thedisplay portion 200,202 is an environment graphical element format thatuniquely represents its respective environment 12, 14 due to a visualfeature (e.g. shape, size, shade, pattern and/or color) of the graphicalelement that is different from the visual feature of the graphicalelement representing another environment 12, 14 (e.g. use of firstvisual feature for one environment 12, 14 and second visual feature foranother environment 12, 14, such that the first and second visualfeatures are unique with respect to one another). A further example ofthis graphical element is font, such that font in one environment 12, 14has one or more different visual features (e.g. style, shape, size,shade, pattern and/or color) than the font in the other environment 12,14 (e.g. use of first font for one environment 12, 14 and second fontfor another environment 12, 14, such that the first and second fonts areunique with respect to one another). Another example of this graphicalelement is background, such that background in one environment 12, 14has one or more different visual features (e.g. style, shape, size,shade, pattern and/or color) than the background in the otherenvironment 12, 14 (e.g. use of first background for one environment 12,14 and second background for another environment 12, 14, such that thefirst and second backgrounds are unique with respect to one another).Another example format of the display portion 200,202 is a specifiedpredefined screen location, such that location of a visual element inthis location is indicative of an active control to switch between thecurrent environment 12, 14 with the other environment 12, 14 orotherwise log in to the respective environment 12, 14 associated withthe predefined screen location (e.g. use of first location for oneenvironment 12, 14 and second location for another environment 12, 14,such that the first and second locations are unique with respect to oneanother). In any event, it is recognized that predefined gestures can beused (as configured by the user interface 104) to be associated withimplementing a switch between one of the environments 12, 14 to anotherenvironment 12, 14 in the multi-environment set.

Other example formats of the display portions 200,202 can be differentand uniquely recognizable color tone; graphics; icons; images design;backgrounds or wallpapers, device start-up animation differences forWork/Play; overall individual pages/screen design for Work/Play; uniqueFont Type selections for Work/Play; and/or unique Alert tones forWork/Play, such that use of first format for one environment 12, 14 andsecond format for the another environment 12, 14, such that the firstand second formats are unique with respect to one another. The first andsecond formats can be used to represent one or more visual elements ofthe environments 12, 14. The first and second formats can be used torepresent one or more audio elements of the environments 12, 14.

Device Common Platform 30

In terms of the common device platform 30 used to support the userinterface 104, data access/storage and network 27 communication, it isrecognized that the device hardware components and capabilities caninclude two or more network interfaces (e.g. including individual SIMcards) for use in segregating network 27 communications of the workapplication environment 12 and the personal application environment 14,as desired. GSM feature devices 10 can use a small microchip called aSubscriber Identity Module or SIM Card, to function (e.g. removablehardware User Identity Module). The SIM securely stores theservice-subscriber key (IMSI) and the Ki used to identify andauthenticate the user of the mobile device 10 when communicating overthe network 27. The SIM card can provide for users to change or swapprofiles by simply removing (or switching over in the case of dual SIMenabled devices 10) the SIM card from the mobile device 10 and insertinganother into the mobile device 10.

In terms of data 22, 24 storage, the device 10 can have a local storage32 (e.g. one or more on-board memories—for example one or more memorycards) and/or a remote storage 34 (for example one or more remotestorages) that can be administered by a remote computer device 36 (e.g.a cloud server or enterprise server providing cloud based or enterprisebased storage of device data 22, 24 off-board the device 10. Forexample, the remote computer device 36 can provide cloud-basedmanagement of the work persona 12 on the device 10, from security andemail settings, through to which applications 60 are installed in thememory 32 of the device components 30.

As shown, for example, behind an enterprise firewall and secure accessgateway 38, the remote computer device 36 can be provided as a secureenterprise mobile services gateway/server in communication with thedevice 10 over an enterprise network (e.g. Virtual Private Network (VPN)established over the network 27). Preferably, the communications network27 comprises a wide area network such as the Internet, however thenetwork 27 may also comprise one or more local area networks 27, one ormore wide area networks, or a combination thereof. Further, the network27 need not be a land-based network, but instead may comprise a wirelessnetwork and/or a hybrid of a land-based network and a wireless networkfor enhanced communications flexibility.

In terms of communications on the network 27, these communications canbe between computer devices (e.g. device 10 and device 36) consisting ofaddressable network packages following a network communication protocol(e.g. TCPIP), such that the communications can include application data24 communicated using appropriate predefined encryption as used betweenthe work application environment 12 and the secure enterprise mobileservices gateway/server (e.g. remote computer device 36). As shown, thesecure enterprise mobile services gateway server 36 can includes variousenterprise hosted applications/functions 40, including, mobile email 42,mobile synchronization 44, mobile contacts 46, mobile calendar 48,mobile communications 50, mobile intranet 52 and other enterprisespecific applications 54. In some embodiments, the secure enterprisemobile services gateway server 36 can provide access to variousenterprise network intranet services.

In some embodiments, the enterprise mobile services provided by theenterprise hosted applications 40 can include applications such as butnot limited to; email, contacts, calendar, enterprise communications,mobile device synchronization services, intranet internal web sites,internal enterprise applications, enterprise file systems, and/or otherenterprise networking services. Other applications 40 can include securemobile services application access, communication link provisioning(e.g., cryptographic encryption keys, VPN settings, and various othersecurity/communication provisioning), security programs, service controlprograms, and program settings for enterprise service applications, suchas email, calendar, contacts, mobile synchronization services, andtraffic control. In some embodiments, secure enterprise mobile servicesgateway server 36 can provide optimized mobile application formatting ofthe enterprise information or synchronization application services 40 tosynchronize the enterprise database 34 for the above services in anefficient and/or timely manner.

In general, application 40, 60 software, also known as an application oran app, is computer software designed to help the device 10 user toperform specific tasks or activities via the user interface of theirdevice 10. An application 40, 60 can manipulate text, numbers, graphics,or a combination of these elements via the user interface of the device10. Examples of application 40, 60 software include enterprise hostedsoftware (e.g. addresses the needs of organization processes and dataflow, often in a large distributed environment), accounting software,office suites, graphics software and media players. Applications may bebundled with the computer and its system software, or may be publishedseparately. Application 40, 60 software is contrasted with systemsoftware and middleware (e.g. part of the device component and softwaresystem 30), which manage and integrate a computer's capabilities, buttypically do not directly apply in the performance of tasks that benefitthe user. The system software serves the application 40, 60, which inturn serves the user.

Functionality of Environments 12, 14

Referring again to FIG. 1, in some embodiments the end-user device 10system can be in communication with one or more network system computerdevices 36 via the network 27. As noted above, the device 10 can have amulti device software application environment comprising: (1) one ormore enterprise work application execution environment 12 configuredwith: an enterprise application execution memory and data 22 memoryprovided by component 30 to support secure execution of enterprisesoftware remote applications 40 (accessed via the network 27) and/orenterprise software local work applications 62, the enterprise softwareapplications 40,62 comprising applications approved to execute orotherwise communicate in the secure execution work environment 12 and tocommunicate with secure enterprise services (provided by remote computer36) via the work environment 12 (or otherwise managed by the workenvironment 12—for example the work environment manager 26). Alsoprovided is a secure enterprise communication link either within theenvironment 12 or otherwise accessible by the work environment manager26, in communication with the device manager 20 and/or directly with thedevice component environment 30 itself. The secure enterprisecommunication link can be configured to provide secure network 27communication between the device 10 and the enterprise network services(e.g. the enterprise network services comprising enterprise networkresources and servers 36).

The multi device software application environment of the device 10 alsohas (2) one or more personal application execution environment 14configured with execution memory and data 24 memory provided bycomponent 30 to support execution of personal software applications 64not approved to execute in the secure execution work environment 12.However, it is recognized that communications 16,18 can be providedbetween the environments 12, 14, however preferably these communications16,18 are provided as notifications/indications of respective data 22,24present and accessible when the user is operating in the appropriateenvironment 12, 14. In this manner, sensitive application data is notcommunicated and made available in both two or more environments 12, 14,rather the sensitive application data (e.g. text body of email message)is retained in one of the environments 12, 14 (e.g. host environment)associated with the host application (of the host environment) for theapplication data while only the notification message indicating that anemail message is available (e.g. notification message containing dateand time of email but missing sender name and/or body content) in theother environment 12, 14 (i.e. other than the host environment) of themulti-environment set.

One example of these notification communications 16, 18 is where apersonal email arrives via a personal email application 64 provisionedin the personal environment 14. If the user is at the time logged intotheir work environment 12, then the email application 64 (e.g. via thedevice manager 20) sends a notification message 18 to the correspondingwork email application 62 provisioned in the work environment 12, suchthat the notification message 18 content only provides an indicationthat a personal email has arrived and withholds the actual data 24content of the personal email, such that the actual data 24 content canonly be accessed subsequently if the user changes environments 12, 14and logs in to the personal environment 14 and opens the personal emailvia the personal email application 64. Alternatively, the notificationcommunications 16, 18 can be a work email arriving via the work emailapplication 62 provisioned in the work environment 12. If the user is atthe time logged into their personal environment 14, then the emailapplication 62 (e.g. via the device manager 20) sends the notificationmessage 18 to the corresponding personal email application 64provisioned in the personal environment 14, such that the notificationmessage 18 only provides an indication that a work email has arrived andwithholds the actual data 22 content of the work email, which can onlybe accessed subsequently if the user logs in to the work environment 12and opens the work email via the work email application 62. Accordingly,in general, if the user is at the time logged into their firstenvironment 12, 14, then the provisioned application 60 of the firstenvironment 12, 14 (e.g. via the device manager 20) sends thenotification message 18 to the corresponding application 60 provisionedin the second environment 12, 14, such that the notification message 18only provides an indication that a communication (e.g. email, phonecall, voicemail, text, etc.) has arrived and withholds the actual data22,24 content of the communication, which can only be accessedsubsequently if the user switches from the first environment 12, 14 tothe second environment 12, 14 by logging in to the second environment12, 14 and access the communication via the second environmentapplication 60.

Alternatively, instead of application 60 to application 64communications, the host application in the host environment (i.e. theapplication initially receiving a message (e.g. email) can communicatethe presence of the received message (e.g. withholding the message bodycontent and/or sender name) as the notification message to anintermediate notification menu, as further described below. Thisconfiguration can be advantageous in device configurations whereapplications 60, 64 from one environment 12, 14 may not have a commoncommunication protocol (e.g. interface such as an API and/or the propersecurity credentials in place) to directly communicate with one another.

Device Applications 60

With “Work/play”, device 10 users can load the work environment 12 withtheir applications 62 of, for example, corporate emails, corporateaddress books, work calendars, and other enterprise applications. Whilefor the personal environment 14, users can load with their applications64 of, for example, their personal favorite games, apps, and music. Useof the different environments 12, 14, via the managers 20, 26, 28,provides for the users the ability to switch between work and playenvironments 12, 14 with ease, as further described below. Accordingly,the configuration of the environments 12, 14, including their initialaccess by the user (e.g. device sign-on), use of applications 40, 60when within the environments 12, 14, as well as when switching betweenenvironments 12, 14, provides the user with “Work/play” separates thathelps to safeguard sensitive business data 22 on the device 10, as wellas to help keep personal data 24 separated from the work data 22. Theenvironments 12, 14 are used to on the device 10, in conjunction withthe common platform 30, to create distinct modes, Work mode(s) and Playmode(s), which is apart from the undesirable and typical combinedoperations on today's smart phones that can compromise user friendlinessagainst security in daily life.

For example, in terms of the personal environment 14, this provides theuser with a personal mode, such that when not working, users can accessand use their personal applications 64 (with associated dataaccess/storage and network 27 communication ability provided via thecommon platform 30 components assigned to the personal environment 14)to send messages to friends, watch multimedia content, share picturealbums, play games, enjoy social media and sharing, browse internet andaccess to their favorite apps. Personal activities remain separate frombusiness responsibilities, as administered by the manager 28 of theenvironment 14 in conjunction (where/when used) with the manager 26 andmanager 20.

In terms of the work environment 12, this provides the user with a Workmode such that when not doing personal things, users can access and usetheir work applications 62 (with associated data access/storage andnetwork 27 communication ability provided via the common platform 30components assigned to the work environment 12) to focus on business byentering the work environment 12, where they can access corporate email,calendars, latest company bulletins/news, sensitive reports, documentsand presentations just like on a company sanctioned “work only” device.

Also envisioned in the case where there are two or more workenvironments 12 in the multi-environment set, this provides the userwith a first Work mode such that when not doing work modes things from asecond work mode, users can access and use their work applications 62(with associated data access/storage and network 27 communicationability provided via the common platform 30 components assigned to thework environment 12) of the first work mode to focus on business byentering the work environment 12 associated with the first work mode,where they can access corporate email, calendars, latest companybulletins/news, sensitive reports, documents and presentations just likeon a company sanctioned first mode “work only” device. In this manner,different work modes on the same device 12 can remain separate from oneanother. For example, a corporate work environment 12 can be maintainedas a separate environment 12, 14 by the managers 20, 26, 28 from asecond work environment 12 (e.g. personal business activities—forexample home business) that is not associated with corporate businessactivities of the first corporate work environment 12.

Examples of work applications 62 for each of one or more workenvironments 12 of the multi-environment set can include applicationssuch as but not limited to: Corporate/Work Calendar; Corporate/WorkMail; Corporate/Work Directory and Address Book; Company News (e.g. RSS,XML, etc.); Instant Messaging (e.g. What's app, Skype, etc.); Jobdispatcher, Tasks and to-do-list; Recorder for meeting; Notes; Storage,reports and documents (e.g. XLS, PPT, DOC, etc.); Stock prices; Securednetwork connectivity/connection manager; and Tariff and unbilled usagecounter/widget (work) for a network 27 data/usage plan (e.g. asconfigured via the SIM card assigned to the work environment 12).Examples of work applications 62 can include applications such as butnot limited to: Social Networking (e.g. Facebook, Blog, Twitter, Line,Sina, etc.); Multimedia recording, playback and sharing (e.g. video,audio, photo, music, etc.); Games and apps; Personal Alarm and tasks;Instant Messaging (e.g. Yahoo!, Google, What's app, MSN, Skype, etc.);Point of Interests, Navigation and Geo-fence (e.g. Map tools); My wallet(e.g. banking, statement, NFC payment, auction & bidding/taoboa, etc.);Storage and backup on 3Cloud; Utilities/Tools (e.g. stock, apps,widgets, calculator, weather, etc.); Tariff and unbilled usagecounter/widget (personal) for a network 27 data/usage plan (e.g. asconfigured via the SIM card assigned to the personal environment 14). Itis recognized that the same application 60 type (e.g. Microsoft Outlook)can be installed in multiple different instances, one instance as a work(e.g. Outlook) application 62 in the work environment 12 and as apersonal (e.g. Outlook) application 64 in the personal environment 14.Alternatively this can be done as different instances in differentenvironments 12, 14 of the same environment type (e.g. work or playtypes). In this manner, as discussed above, the managers 20, 26, 28 canfacilitate notification messages 16, 18 between the applications 62, 64in the different environments 12, 14.

Communication Between Devices 10, 36

In view of the above-described off-device enterprise managed andadministers applications 40 (e.g. those applications havingfunctionality that is access via the network 27 by the device 10 when incommunication with the remote computer device 36), it is recognized thatthe device 10 can also have local applications 60. These localapplications 60 (e.g. those having application functionality that isavailable locally on the device 10 without having to access thefunctionality off device 10 via the network 27) can be associated andtherefore provisioned in the work environment 12 as work applications 62(e.g. work calendar), associated and therefore provisioned in thepersonal environment 14 as personal applications 64 (e.g. personal gamesor personal calendar), and/or associated and therefore provisioned inthe common device environment 30 as common applications 66 (e.g. cameraapplication, phone application, shared user interface, etc.). Anotherway to think of difference between the applications 40 and 60 is thatthe applications 40 are configured as remotely hosted (i.e. off device)such that at least a portion of the functionality provided by theapplication 40 is accessed via the network 27 in a client-serverrelationship between the device 10 and the device 36 (e.g. representedas a server). This is compared to the applications 60 which areconfigured as locally hosted (i.e. on device), such that application 60functionality can be used by the device user without having tocommunicate via the network 27 during access of the functionality.

In terms of network communication messages 17 between the device 10 andone or more networked entities (e.g. device 36 such as servers, othermobile devices 10 in communication with one another that each haverespective work environments 12 provisioned on the device 10) on thenetwork 27 that are associated with the work environment applications62, the communication messages 17 can be communicated via the securemobile work environment 12 and associated secure network interface(s) 70(provided either within the secure mobile work environment 12 and/orprovided as part of the common platform 30 included in device 10). Also,a work secure network interface 72 is included as part of the remotecomputer device 36 accessed via the network 27, which is configured tocommunicate with the secure network interface 70. For example, thesecure network interface 72 can be provisioned on the remote computerdevice 36 acting as a work related cloud server or enterprise server. Inanother example, the secure network interface 72 can be provisioned onthe remote computer device 36 acting as another mobile device 10 andtherefore the secure network interface 72 could be the secure networkinterface(s) 70 associated with the work environment 12 of the device10. As discussed above, in some embodiments, the work environment 120provides for protection of sensitive enterprise (e.g. work related)information (e.g. data 22) that is stored on device 10 (e.g., email textand downloads, calendar information, contacts, intranet data, or anyother enterprise data) and provides a secure communication channel viathe network interface 70 to facilitate authentication with server securenetwork interface 72 on the remote computer 36 (e.g. acting as a secureenterprise mobile services gateway/server or as a plurality of differentservers).

In some embodiments, the secure network interface 70 on device 10 can beconfigured with a Virtual Private Network (VPN) device client functionto securely communicate between one or more approved enterprise (e.g.work related) applications 62 (e.g., enterprise data app, enterprisevoice app, secure enterprise mobile services app) and a counterpart VPNfunction that secures access to enterprise network interface 72 (e.g.,enterprise firewall/security gateway or server secure networkinterface). In some embodiments, a device software application or agent(e.g. one of the work applications 62 such as a service processorframework program, service processor kernel program, secure networkinterface 70, secure hardware partition manager 108) is configured toidentify network access activity associated with individual applications40,60 and allow network access to one or more approved enterpriseapplications 40 when the VPN device client function is in operation, ornot allow network access to one or more approved enterprise applications40 when the VPN device client function is not in operation. The devicesoftware application or agent can be provisioned with application accesspolicy rules to identify network access activity associated withindividual applications and allow network access to one or more approvedenterprise applications 40 when the VPN device client function is inoperation, or not allow network access to one or more approvedenterprise applications 40 when the VPN device client function is not inoperation. Alternatively, in some embodiments, the secure networkinterface 70 can be configured with a split-tunnel VPN device clientfunction, wherein an enterprise side (e.g. of remote computer device 36)of the split tunnel is configured to securely communicate between one ormore enterprise applications 40 and a counterpart VPN function thatsecures access to the enterprise network interface 72.

Also considered is a consumer side network interface 74 configured tocommunicate without encryption for access to network services providedto consumer applications 64 provisioned/hosted on the device 10. Theconsumer side network interface 74 can be provided either within thepersonal mobile work environment 14 and/or provided as part of thecommon platform 30 included in device 10. In any event, it is recognizedthat the consumer side network interface 74 is configured to interactwith personal applications 64, personal data 24 and any personal relatedremote computer devices 36 (e.g. other mobile devices of friends,family—dual persona enables or not—that are interacting with anypersonal applications 64 provisioned on the device 10).

As such, it is recognized that access to the network 27 is controlled bythe secure work network interface 70 when the user is interacting withthe work environment 12 (and associated applications 62 and data 22).Conversely, access to the network 27 is controlled by the personalnetwork interface 74 when the user is interacting with the personalenvironment 14 (and associated applications 64 and data 24). Operationof the manager(s) 20, 26, 28 provides for use of the appropriate networkinterface 70, 74, depending upon which of the environments 12, 14 theapplication 60 access, data 22, 24 access, and/or network communications17 is intended. To be clear, the manger 26 and network interface 70associated with the work environment 12 is configured as incompatiblefor access with applications 64, data 24, and/or network personaldirected communications 17. To be clear, the manger 28 and networkinterface 74 associated with the personal environment 14 is configuredas incompatible for access with applications 62, data 22, and/or networkwork directed communications 17.

Example User Interface 104 Formats for the Environments 12, 14 UserAccess Interface 100

Referring to FIGS. 1 and 3 a,b,c,d, the environment access interface 100(as a visual interface) provides for the multi display portions 200,202on the user interface 104, which are used to access either the workenvironment 12 or the personal environment 14. It is recognized that atleast one of the managers 20, 26, 28 could be configured to display theenvironment access interface 100, which can be selected (e.g. by theuser or by an administrator of the device environment 12, 14) from aplurality of different environment access interface 100 types duringconfiguration of user access to the environment(s) 12, 14, as stored inthe storage 32 of the common platform 30 of the device 10. Thisselection can be facilitated by a selection manager (e.g. configured aspart of the functionality of the device manager 20). One characteristicof the environment access interface 100 is the respective differentlocation predefined for each of the display portions 200,202, one forrepresenting access to the work environment 12 and the other forrepresenting access to the personal environment 14. As shown in FIGS. 3a, b, c, d, the work portion 200 is displayed in a different locationfrom the play portion 202. A further characteristic of the environmentaccess interface 100 is the unique visual graphical format (e.g.pattern, shading scheme, color scheme, font type/format, etc.) ofgraphical elements 204 (e.g. background, control items) in each of therespective display portions 200,202, such that each graphical format isdifferent from one another so that the user can perceive one of theportions 200,202 as the work portion (and only the work portion) and theother of the portions 202 as the play portion (and only the playportion). An example of the graphical element 204 as a background wouldbe where the background 204 in the work portion 200 could be monochromein color while the background 204 in the work portion 200 could be avibrant color (e.g. primary color). An example of the graphical element204 as a text element would be where the text element 204 in the workportion 200 could be of block format in font style while the textelement 204 in the work portion 200 could be script format in fontstyle. In other words, the graphical format of graphical elements 204 inone of the portions 200,202 is distinct (e.g. different) from thegraphical format of graphical elements 204 in the other of the portions200,202.

The graphical elements 204 can be passive elements (e.g. such as staticbackground schemes, etc.) or can be active elements. An active element,upon activation, issues a command to perform the function associatedwith the active element. For example, selection of an “X” active elementissues the command (e.g. to the operating system) to close a displaywindow associated with the “X” active element. It is recognized that theactive elements can be associated with predefined gestures entered onthe user interface 104 by the device 10 user. Predefined gesturedentered into the user interface 104 can be referred to as a form ofnon-verbal communication in which visible or tactile bodily actions ofthe user can communicate particular messages, either in place of speechor together and in parallel with words. Gestures can include movement ofthe hands, face, or other parts of the body. Gestures can differ fromphysical non-verbal communication that does not communicate specificmessages, such as purely expressive displays, proxemics, or displays ofjoint attention. The movement of gestures can be used to interact withtechnology like the devices 10, using touch or multi-touch elements ofthe user interface 104, physical movement detection via one or moresensors of the device 10 and visual motion capture.

In another example, selection and/or provision of the active element(e.g. as an icon and/or predefined gesture) would result in issuing acommand to open the application associated with the active element.Graphical elements 204 (or other types) as active elements can be usedas virtual controls, though which the user interacts with information(e.g. applications 40,60, data 22,24) by manipulating the activeelements (e.g. visual widgets) that allow for interactions appropriateto the kind of data they hold. For example, large graphical elements204, such as windows, can provide a frame or container for the mainpresentation content. Smaller graphical elements 204 can act as auser-input tool i.e. virtual control). The active elements can bedefined by location on the environment access interface 100, such thatif they are located in the work portion 200 then interaction with theactive element by the user (e.g. predefined gesture, keys and/orclicks/touch on the specific graphical element 204 position) causes thedefined action associated with the active element to be implemented forthe work environment 12 (e.g. initial access to the work environment 12and/or access to applications 60 and/or data 22 contained within thework environment 12). For example, selection/use of the active element(e.g. graphical element 204) in the work portion 200 indicates to theappropriate manager (e.g. device manager 20 acting as an environment 12,14 access manager) that the user wishes to enter and access one or moreapplications 62 associated with the particular work environment 12,which can include the display of an intermediate log-in interface 110(see FIG. 4). Alternatively, selection/use of the active element (e.g.graphical element 204) in the play portion 202 indicates to theappropriate manager (e.g. device manager 20 acting as an environment 12,14 access manager) that the user wishes to enter and access one or moreapplications 64 associated with the particular play environment 14,which can include the display of an intermediate log-in interface 110(see FIG. 4). Examples of the active element (e.g. graphical element204) used as virtual controls to provide for interaction to (and within)applications 60 as well as to provide interaction with data 22, 24 canbe such as but not limited to: computer icons, widgets, and/or ahypertext link.

A computer icon can be defined as a pictogram displayed on the computerscreen 105 (see FIG. 2) and used to navigate to or within theenvironment 12, 14. The icon itself can be a small picture or symbolserving as a quick, “intuitive” representation of a software tool,function 40,60 or a data file 22,24 accessible in one or theenvironments 12, 14. The icon can function as an electronic hyperlink orfile shortcut to access the program 40, 60 or data 22, 24. The icon canbe a small picture that represents objects such as a file 22, 24 orprogram, 40, 60 itself or functionality within the file 22, 24 orprogram, 40, 60. The icon can be used as a quick way (e.g. one selectionshortcut) to execute commands, open documents/files, and run programs.

Widgets can be qualified as virtual to distinguish them from theirphysical counterparts, e.g. virtual buttons that can be clicked with apointer/touch, vs. physical buttons that can be pressed with a finger.Example widgets are such as but not limited to a button, a slider, anicon, a link, a tab, a scrollbar, and a radio button. The widget canalso be represented as a handle used as an indicator of a starting pointfor a drag and drop operation. Typically, the shape changes when apointer or finger is placed on the handle, showing an icon thatrepresents the supported drag operation. Further, GUI widgets are oneexample of the active elements (e.g. graphic elements 204) used asgraphical based controls for manipulation by the user. Examples of thesecontrol widgets can be scroll bars, sliders, list boxes and buttons.Using these widgets, the user is able to define and manipulate the data22, 24 and the display for the software program 40, 60 they are workingwith. Alternatively, the widget (or control) can be defined as anelement of a graphical user interface (GUI) that displays an informationarrangement changeable by the user, such as a window or a text box. Thedefining characteristic of the widget can be to provide a single (ordedicated) interaction point for the direct manipulation of a given kindof data 22, 24 and/or application 40, 60. In other words, widgets can bebasic visual building blocks which, combined in an application 22, 24 orinterface, hold links to the data 22, 24 processed by the application40, 60 and the available interactions on this data 22, 24.

A text hyperlink can performs much the same function as the functionalcomputer icon or widget as described above, as the text hyperlink canprovide a direct link to some function (e.g. application 40,60 itself orfunction within an application 40,60) or data 22,24 available in theenvironment 12, 14. Although they can be customized, these texthyperlinks can share a standardized recognizable format, e.g. blue textwith underlining, which is unique and different for each of the portions200,202. Hyperlinks can differ from the functional computer icons orwidgets in that hyperlinks are normally embedded in text, whereas iconsor widgets are displayed as stand-alone on the screen real estate of theuser interface 104. Hyperlinks can also be displayed in text, either asthe link itself or a friendly name, whereas icons or widgets can bedefined as being primarily non-textual.

Also recognized is that the above-described active elements can be usedas a password submission mechanism inputted into the user interface 140by the device 10 user when the user logins in from one environment 12,14 to another environment 12, 14 of the multi-environment set. Forexample, a predefined gesture (e.g. finger swipe representing a trace ofa defined geometrical pattern—for example a zig zag) can be used by themanagers 20, 26, 28 to identify and authorize login of the user to theenvironment 12, 14 associated with the respective password. As noted, apassword is a secret word or string of characters that is used for userauthentication to prove identity, or for access approval to gain accessto an environment 12, 14 (example: an access code is a type of password)as a portion of user identification information provided to one or moreof the managers 20,26,28 to complete a login procedure in order to gainaccess and thereby switch from one of the environments 12, 14 to anotherof the environments 12, 14 of the multi-environment set available viathe user interface 104 of the device 10.

Further, despite the name, there is no need for passwords to be actualwords; indeed passwords which are not actual words may be harder toguess, a desirable property. Some passwords can be formed from multiplewords and can more accurately be called a passphrase. The term pass codecan be used for a password and is sometimes used when the secretinformation is purely numeric, such as the personal identificationnumber (PIN). Passwords are generally short enough to be easilymemorized and typed or otherwise spoken or gestured. As discussed,password types can be such as but not limited to: biometric basedpasswords providing authentication using unalterable personalcharacteristics; non-text-based passwords, such as graphical passwords,images or mouse or other movement (e.g. gesture via touch on touchscreen and/or actual movement of device 10 as identified by on-boardmotion sensors) based passwords.

Referring again to FIGS. 3 a, b, c, d, FIG. 3a shows a slide to unlockgesture, such that when the user wishes to access one of theenvironments 12, 14, the user selects the appropriate active graphicalelement 204 in the associated portion 200,202 and then operates theactive graphical element 204 by sliding it in the direction indicated(e.g. left for work and right for play). Upon operation of the activegraphical element 204 in the work portion 200 of the user accessinterface 100, the appropriate manager 20, 26, 28 receives an accesswork environment command and the result is that the user interface 104is configured as the work environment 12, whereby the user can thenaccess all applications 62 and data 22 belonging to the work environment12. Upon operation of the active graphical element 204 in the playportion 202 of the user access interface 100, the appropriate manager20, 26, 28 receives an access play environment command and the result isthat the user interface 104 is configured as the play environment 14,whereby the user can then access all applications 64 and data 24belonging to the play environment 14.

It is recognized that activation of the graphical element 204 (e.g.activation element) could cause the appropriate manager 20,26,28responsible for the requested new environment 12, 14 (i.e. thealternative environment 12, 14 to which the user is switching from thecurrent environment 12, 14 configured on the user interface 104) togenerate a password screen or other command represented on the userinterface 104 (e.g. presented visually and/or audibly and/or astactile—for example a series of vibrations) indicating that therequisite user password should be entered into the user interface 104 bythe user before gaining access and therefore switching from oneenvironment 12, 14 to another environment 12, 14. Again, it isenvisioned that the user name as part of the user identification foraccess to environments 12, 14 (via the manager 20, 26, 28) can be partof the user identification in addition to the requested password,whereby the user name is the same for at least a pair of environments12, 14 (e.g. the current environment and the user selected nextenvironment) of the multi-environment set configured or otherwiseavailable on the device 10. In some cases, the user name would be adefault value that would supplied automatically from one manager 20, 26,28 to another manager 20, 26, 28 without needed user input from the userfor entering the user name manually via the user interface 104.

FIG. 3b shows a hold and release gesture (e.g. example of predefinedgesture), such that when the user wishes to access one of theenvironments 12, 14, the user selects the appropriate active graphicalelement 204 (e.g. a portion of the background) in the associated portion200,202 and then holds the selection of the active graphical element 204for a predetermined period of time. Upon operation of the activegraphical element 204 in the work portion 200 of the user accessinterface 100, the appropriate manager 20, 26, 28 receives an accesswork environment command and the result is that the user interface 104is configured as the work environment 12, once authenticated via entryand confirmation of correct password, whereby the user can then accessall applications 62 and data 22 belonging to the work environment 12.Upon operation of the active graphical element 204 in the play portion202 of the user access interface 100, the appropriate manager 20, 26, 28receives an access play environment command and the result is that theuser interface 104 is configured as the play environment 14, whereby theuser can then access all applications 64 and data 24 belonging to theplay environment 14. It is recognized that for access to the playenvironment 14, the manager 20, 26, 28 may not request a respective playenvironment password in order for the user to gain access (i.e. switch)between the environments 12, 14.

FIG. 3c shows a hold and drag gesture (e.g. example of predefinedgesture), such that when the user wishes to access one of theenvironments 12, 14, the user selects the appropriate active graphicalelement 204 (e.g. lock icon) between the associated portions 200,202 andthen drags the active graphical element 204 towards the portion 200,202associated with the desired environment 12, 14. Upon operation (e.g.drag) of the active graphical element 204 towards the work portion 200of the user access interface 100, the appropriate manager 20, 26, 28receives an access work environment command and the result is that theuser interface 104 is configured as the work environment 12, onceauthenticated via entry and confirmation of correct password, wherebythe user can then access all applications 62 and data 22 belonging tothe work environment 12. Upon operation (e.g. drag) of the activegraphical element 204 towards the play portion 202 of the user accessinterface 100, the appropriate manager 20, 26, 28 receives an accessplay environment command and the result is that the user interface 104is configured as the play environment 14, whereby the user can thenaccess all applications 64 and data 24 belonging to the play environment14.

FIG. 3d shows an alternative embodiment of the hold and drag gesture,such that when the user wishes to access one of the environments 12, 14,the user selects the appropriate active graphical element 204 (e.g.circle icon) between the associated portions 200,202 and then drags theactive graphical element 204 towards the portion 200,202 associated withthe desired environment 12, 14. Upon operation (e.g. drag) of the activegraphical element 204 towards the work portion 200 of the user accessinterface 100, the appropriate manager 20, 26, 28 receives an accesswork environment command and the result is that the user interface 104is configured as the work environment 12, once authenticated via entryand confirmation of correct password, whereby the user can then accessall applications 62 and data 22 belonging to the work environment 12.Upon operation (e.g. drag) of the active graphical element 204 towardsthe play portion 202 of the user access interface 100, the appropriatemanager 20, 26, 28 receives an access play environment command and theresult is that the user interface 104 is configured as the playenvironment 14, whereby the user can then access all applications 64 anddata 24 belonging to the play environment 14.

FIG. 3e shows a diagonally designed “Work/Play” target as the graphicalelement 204 to enable an user experience and presentation on one singlepage as the user access interface 100, which can be supplemented by anotifications widget 206 (e.g. scrollable) displayed on the userinterface 104 as a region in which to receive (e.g. from the appropriatemanager 20,26,28) and to view and access notification messages (e.g.network messages 17) that can be directed (e.g. associated) with eitherof the environments 12, 14. As further described below, thenotifications widget 206 can display indications 208 of the data 22, 24available in the respective environment 12, 14, rather than the actualcontent of the data 22, 24 itself. Examples of the indication 208 are“Work email arrived”, “2 Pending Play text messages”, “Work VM”, etc.Alternatively, the indication 208 can contain header information of thecommunication 17 (e.g. sender name, time of receipt, title ofcommunication 17) but not the actual body of the communication 17. Assuch, the indications 208 contain the content of which environment 12,14 the actual communication 17 (or data 22,24) pertains to as well ascommunication type (e.g. email, text, voicemail, etc.) and canoptionally contain header information while at the same time restrictingaccess to the communication 17 body content. As discussed below, in theevent that the user is not “in” (e.g. the user interface 104 beingconfigured as that environment 12, 14 for providing access to theenvironment dependent applications 60 and data 22,24) the environment12, 14 pertaining to the actual communication 17 as represented by theindication 208, the user can operation or otherwise navigate to the useraccess interface 100 and via the appropriate manager 20,26,28 configurethe user interface 104 as the respective environment 12, 14 associatedwith the actual communication 17. Once so configured with the properenvironment 12, 14, the user can gain access to the actual content data22, 24 (e.g. body) of the communication 17 that was previouslyrepresented by the indication 208 in the notification widget 206.

Referring again to FIG. 3e , using “Touch and hold” concept (e.g.example of predefined gesture) to expand to “play” or work environment,the user selects the appropriate active graphical element 204 (e.g.portion 200,202 background) of the associated portion 200,202. Uponoperation (e.g. select) of the active graphical element 204 of the workportion 200 of the user access interface 100, the appropriate manager20, 26, 28 receives an access work environment command and the result isthat the user interface 104 is configured as the work environment 12,whereby the user can then access all applications 62 and data 22belonging to the work environment 12. Upon operation (e.g. select) ofthe active graphical element 204 of the play portion 202 of the useraccess interface 100, the appropriate manager 20, 26, 28 receives anaccess play environment command and the result is that the userinterface 104 is configured as the play environment 14, onceauthenticated via entry and confirmation of correct password, wherebythe user can then access all applications 64 and data 24 belonging tothe play environment 14.

FIG. 3f shows a top-bottom layout “Work/Play” access user interface 100that provides for integrated user experience and presentation on onesingle page interface 100, supplemented by one or more notificationwidgets 208 (e.g. scrollable at the bottom of screen). The access useinterface 100 can also be equipped with additional pre-configured/usersettable icons and/or folders 204 on this layout, riding on traditionaltouch point to expand folder/sub-category or direct applications 60 (seeFIG. 1) access, depending upon which environment is selected via theactive graphical element 204 (e.g. “work” or “play” tab). Using a holdand release or tap gesture, when the user wishes to access one of theenvironments 12, 14, the user selects the appropriate active graphicalelement 204 (e.g. tab) of the associated portion 200,202 and then holdsthe selection of the active graphical element 204 for a predeterminedperiod of time. Upon operation of the active graphical element 204 inthe work portion 200 of the user access interface 100, the appropriatemanager 20, 26, 28 receives an access work environment command and theresult is that the user interface 104 is configured as the workenvironment 12, once authenticated via entry and confirmation of correctpassword, whereby the user can then access all applications 62 and data22 belonging to the work environment 12. Upon operation of the activegraphical element 204 in the play portion 202 of the user accessinterface 100, the appropriate manager 20, 26, 28 receives an accessplay environment command and the result is that the user interface 104is configured as the play environment 14, whereby the user can thenaccess all applications 64 and data 24 belonging to the play environment14.

Referring to FIG. 3h , a Location-based Mode of the access use interface100 is shown, such that a layout of the display 105 (see FIG. 2) isbased on location dependent (Cell ID/WiFi SSID/Lat-Lon)sensing/detection of which wireless network 27 is available to thecommon platform 30, which impacts the layout of the respective“Work/Play” graphical elements 204. For example, based on which wirelessnetwork 27 is available from a list of predefined networks stored in thestorage 32 (or alternatively if the detected network 27 is determined tobe the work dedicated/defined network 27 or not, such that any detectednetwork 27 other than the work dedicated/defined network 27 is assumedto be the play network 27). For example, shown in FIG. 3h is where thecommon platform 30 (e.g. device manager 20) detected the availablewireless network(s) 27 did contain the work network 27 as predefined inthe storage 32. Accordingly, the graphical elements 204 representing thework environment 12 are displayed in a greater portion of the screenreal estate than the graphical elements 204 representing the playenvironment 14.

It is recognized that graphical elements 204 for both of theenvironments 12, 14 are displayed, however the work related graphicalelements 204 are displayed more prominently (e.g. larger, darker shade,bolder font type, etc.) than the play related graphical elements 204.For example, shown in FIG. 3i is where the common platform 30 (e.g.device manager 20) detected the available wireless network(s) 27 didcontain the play network 27 as predefined in the storage 32 (or did notcontain the work network 27 as predefined in the storage 32).Accordingly, the graphical elements 204 representing the playenvironment 14 are displayed in a greater portion of the screen realestate than the graphical elements 204 representing the work environment12. It is recognized that graphical elements 204 for both of theenvironments 12, 14 are displayed, however the play related graphicalelements 204 are displayed more prominently (e.g. larger, darker shade,bolder font type, etc.) than the work related graphical elements 204.

Further to FIGS. 3h, i , equipped with location detection of the commonplatform 30, once the device 10 is attached to a known/pre-configuredlocation, i.e. work, the pre-configured/user settable icons and/orfolders will be presented, riding on “Touch and hold” (e.g. predefinedgesture) concept at the top corner if need to alternate between“Work/play” environments 12, 14.

It is recognized that the different user access interfaces 100 asdiscussed above can be stored in the storage 32 as a group of predefineduser access interfaces 100, such that the selection/configurationmanager (e.g. manager 20) can be used to select the desired user accessinterface 100 from the group to use as the user access interface 100 toaccess the work and play environments 12, 14, as further describedbelow. It is also understood that any or all of the described“gestures”, recognized by the manager(s) as user supplied commands orinstructions, can be performed as touch screen gestures (i.e. the screenof the user interface is contacted or is otherwise configured to detectadjacent proximity of a user's digit—e.g. one or more fingers—and/orwriting stylus) and/or can be performed as air gestures (i.e. the userprovides a predetermined motion or gesture without touching the screenof the user interface 104, such that the air gesture is captured by thecamera or other imager of the device 10 and then recognized by themanager(s) as a predefined command or instruction).

Configured User Interface 104 Upon Selection of Desired Environment 12,14

Referring to FIG. 4, shown is a log-in screen 110 used to access theselected environment 12, 14 from the user access interface 100. Afterthe desired environment 12, 14 is selected by the user from the useraccess interface 100, the appropriate manager 20, 26, 28 displays alog-in screen 110 to the user via the user interface 104. Uponsuccessful login (i.e. acceptance of password entered by user of accountname and/or password entered), the appropriate manager 20, 26, 28configures the user interface as either the work environment 12 or playenvironment 14 (as selected in the user access interface 100 via thegraphical element 204). Examples of the work environment 12 are shown inFIG. 6 and examples of the play environment 14 are shown in FIG. 7. Anysubsequent interaction with the applications 60 and/or data 22, 24 onthe interface 104 will then be allowed with those respective data 22, 24and applications 62, 64 associated with the configured environment 12,14 only, and any interaction with the applications 60 and/or data 22, 24on the interface 104 from the other environment 12, 14 (i.e. thenon-selected environment 12, 14) will be restricted. As discussed above,the only access by the user to information from the non-selectedenvironment 12, 14 (i.e. the environment 12, 14 that is not configuredon the user interface 104) is via the indications 208 (e.g. displayed inthe notification widget/graphical element 206). It is recognized thatthe log-in screen 110 can be optional for the play environment 14, inthe case where the play environment 14 is configured as the defaultenvironment of the user interface 104.

Referring to FIGS. 5 a,b,c, shown are various different embodiments ofthe log-in screen 110, where FIG. 5a shows selection of an alpha-numericpass code, FIG. 5b shows a pattern code, and FIG. 5c shows a biometriccode such as a facial recognition (example others are fingerprint andvoice recognition). Upon entry of the code by the user, the appropriatemanager 20, 26, 28 receives the code and proceeds to configure the userinterface 104 with the corresponding environment 12, 14. Present on thelog-in screen 110 can be a graphical element 204 representative of theenvironment 12, 14 for which the code is relevant for.

Also shown is an optional switch graphical element 112 displayed on thelog-in screen 110, which can be used by the user to change from thelogin screen 110 to the login screen 110 of the other environment 12, 14and/or to instruct the appropriate manager 20, 26, 28 to directlyconfigure the user interface 104 with the corresponding otherenvironment 12, 14 (e.g. in the case where no login screen 110 is usedfor the other environment 12, 14 access). An example of the switchgraphical element 112 is a swipe gesture by the user across the switchgraphical element 112, which would then send the switch command to theappropriate manager 20, 26, 28. It is recognized that the switchgraphical element 112 can have a display location on the user interface104 that is predefined as consistent between different displayconfigurations of the user interface 104. For example, each displayscreen in both the work environment 12 and the play environment 14 canhave the same switch graphical element 112 located in the same displaylocation (see FIGS. 6 and 7). One example of the consistent displaylocation is at the lower left corner of the display. Another example ofthe consistent display location is at the lower right corner of thedisplay. Another example of the consistent display location is at theupper right corner of the display. Another example of the consistentdisplay location is at the upper left corner of the display. Anotherexample of the consistent display location somewhere between the cornersof the display. Another example of the consistent display location onone of the side edges of the display.

Referring to FIG. 6, shown is an example play environment 14 screen,having a switch graphical element 112, and one or more passive graphicalelements 204 (e.g. icon, background, etc. having a predefinedgraphical/visual format representative of the respective environment 12,14) that are uniquely representative of the play environment 14 overthat of the work environment 12. One advantage of the unique passivegraphical element 204 is to provide context to the user as to whichenvironment 12, 14 the user currently has selected for configuration asthe user interface 104. It is also recognized that the layout ofapplications 64 in the environment 14 could also be distinctive from theother environment 12. Referring to FIG. 7, shown is an example workenvironment 12 screen, having a switch graphical element 112, and one ormore passive graphical elements 204 (e.g. icon, background, etc. havinga predefined graphical/visual format representative of the respectiveenvironment 12, 14) that are uniquely representative of the workenvironment 12 over that of the play environment 14. One advantage ofthe unique passive graphical element 204 is to provide context to theuser as to which environment 12, 14 the user currently has selected forconfiguration as the user interface 104. It is also recognized that thelayout of applications 62 in the environment 12 could also bedistinctive from the other environment 14.

Referring to FIG. 8, an alternative switch method between environments12, 14 is shown as a dedicated notification interface 114, such byexample is shown the current environment 14 and a positioned switchgraphical element 112 thereon. Also shown are the indications 208 withrespective environment identifiers 209 used to identify whichenvironment 12, 14 the indications belong to. Alternatively, selectionof any of the indications 208 by the user could send the switch commandto the appropriate manager 20, 26, 28. As given above, any of the useraccess interfaces 100 could also be used as a switch environmentmechanism, such that activation of any switch graphical element 112could result in the subsequent display of a default user accessinterface 100.

Referring to FIG. 9, shown is a configuration module 210, which can beprovides as a subset of the functionality of any of the managers20,26,28 (see FIG. 1), either in whole or on part. For example, theconfiguration module 210 is a subset of the functionality of the manager20. For example, the configuration module 210 is a subset of thefunctionality of the manager 26. For example, the configuration module210 is a subset of the functionality of the manager 28. Theconfiguration module 210 can include an application module 212 formanaging and configuring which access to what resources/apps 40,60 aresensitive as well as to add, update, and/or delete apps 40,60 (work orplay) on the device 10. The configuration module 210 can include anaccess module 214 for selecting which of the user access interfaces 100to use as a mechanism to select one or the other of the environments 12,14, such that all of the user access interface 100 types can be storedin the storage 32 for selection and implementation by the access module214 for subsequent operation of the user interface 104. Theconfiguration module 210 can include a password module 216 for selectingwhich of the login interfaces 110 to use as a mechanism to login to oneor the other of the environments 12, 14, such that all of the logininterface 110 types can be stored in the storage 32 for selection andimplementation/configuration by the password module 216 for subsequentoperation of the user interface 104. The configuration module 210 caninclude a switch module 218 for selecting which of the switch elements112 to use as a mechanism to switch from one or the other of theenvironments 12, 14, such that all of the switch element 112 types canbe stored in the storage 32 for selection andimplementation/configuration by the switch module 218 for subsequentoperation of the user interface 104. The configuration module 210 caninclude a theme module 220 for configuring the respective graphicalformats of the different environments 12, 14, such that all of thegraphical format types can be stored in the storage 32 for selection andimplementation/configuration by the theme module 220 for subsequentoperation of the user interface 104. The configuration module 210 caninclude a security module 222 for configuring the respective securitysettings of the different environments 12, 14, such that all of thesecurity setting types can be stored in the storage 32 for selection andimplementation/configuration by the security module 222 for subsequentoperation of the user interface 104.

Referring to FIG. 10, shown is an example configuration interface 224 ofthe configuration module 210, such that a graphical format of theconfiguration interface 224 (e.g. color coded) can be used to indicateto the user which of the environments 12, 14 the configuration settingsare accessing.

Other options are multiple home screens for a particular environment 12,14. As discussed above, the advantage of the user interface 104 incommunication with the managers 20,26,28 assigned to the respectiveenvironment 12, 14 is that the device 10 can be configured as having twoor more different environments 12, 14 for the same user name, i.e. forthe same persona.

A further alternative embodiment is shown in FIG. 3g , such that abarrier element 205 is displayed between the two environments 200, 202,shown on the user interface as a visual barrier between the displayedenvironments 200,202. In one example, the barrier element 205 scrolls207 across the user interface as the environment 200,202 changes fromone to the other.

Further, it is recognized generally that the notification menu (e.g.notification widget 206—see FIGS. 3e and 8) shown in one environment 12,14 can be of a predefined unique visual format that is different fromthe same notification menu 206 when displayed in conjunction with adifferent environment 12, 14. As such, the notification menu 206 canhave differently configured visual format manifestations depending uponwhich of the environments 12, 14 it is displayed in conjunction with.For example, presenting the notification menu 206 on the user interface104 for containing work environment 12 notification type and personalenvironment 14 notification type can be configured by the appropriatemanager, such that a notification presented in the notification menu 206can be configured by (e.g. a notification) manager to withholdpresentation of notification content of the notification if theenvironment notification type does not match the environment type 12,14. Further, the notification content that is withheld can be a bodycontent of the notification, such that a notification type is explicitlypresented in the notification menu 206 as a label for the notification.It is also recognized that a display location on the user interface 104of the notification menu 206 can be common to both the work environment12 and the play environment 14 (see FIG. 3e or FIG. 8).

In terms of visual elements of the notification menu 206, these can bedefined by a set of unique personal environment user interface designelements when the user interface 104 is configured as the personalenvironment 14 and can be defined by a set of unique work environmentuser interface design elements when the user interface 104 is configuredas the work environment 12. The visual elements of the uniquework/personal environment user interface design elements can be selectedfrom the group consisting of: shape; shade; color; and/or pattern.

Referring to FIG. 11, an alternative embodiment is shown whereby thework environment 12 and the play environment 14 are displayed on theuser interface 104 as a series of sequential (e.g. one at a time)display screens 105 a, b, such that a plurality of sequential workscreens 105 a of the work environment are grouped together as a workgroup 12 a and a plurality of sequential personal screens 105 b of thepersonal environment are grouped together as a personal group 14 a.Navigation between the sequential screens 105 can be done via a userinterface action performed by the device user, for example as a simplegesture (e.g. finger swipe from side to side). Further, in the event ofa change between the work environment 12 and the personal environment14, the intermediate login screen 105 c can be presented (requiringacceptance of the entered work password) before the next sequential workscreen 105 a can be displayed on the user interface 104. As such, theintermediate login interface 105 c can be presented on a displaypositioned between any of the groups 12 a, 14 a. It is recognized thatthere can be more than one defined personal group 14 a and/or more thanone defined work group 12 a. As discussed, presentation of thesequential screens 105 a,b,c can be presented on the user interface 104one at a time, such that sequential display of each individual screen105 a,b,c on the user interface 104 can be separated by a predefinedgesture (e.g. finger swipe). An example display sequence is as follows:first a personal screen 105 b on the user interface 104 followed by thepredefined gesture followed by the intermediate login screen 105 c onthe user interface 104 followed by a work screen 105 a on the userinterface 104. Further, any personal screen 105 b on the user interface104 followed by the predefined gesture can be subsequently followed byanother personal screen 105 b on the user interface 104. Further, anywork screen 105 a on the user interface 104 followed by the predefinedgesture can be subsequently followed by another work screen 105 a on theuser interface 104. It is also recognized that in the case of two ormore different work environments 14 in the multi-environment, an exampledisplay sequence is as follows: first a work screen 105 a on the userinterface 104 followed by the predefined gesture followed by theintermediate login screen 105 c on the user interface 104 followed by awork screen 105 a of a different work environment 12 on the userinterface 104.

Referring again to FIG. 11, the intermediate login screen 105 c could beoptional (e.g. skipped over or otherwise bypassed from display on theuser interface 104) when the user is switching from the work screen 105a (e.g. any work screen 105 a of the work group 12 a) to the personalscreen 105 b (e.g. any personal screen 105 b of the personal group 14a), as shown by reference arrow 108. It is recognized that motivation ofthe device user to switch from the current display screen 105 a, b(configured on the user interface 104) to a different one could be thereceipt of a notification in the notification menu 206. For example, thenotification displayed could indicate which work/personal environment12, 14 the notification can be accessed in. For example, as providedbelow, the notification menu 206 displayed along with the display screenWork 2 (representing a work environment 12) could indicate that anotification (e.g. email) has arrived as tagged or otherwiselabelled/associated with the display screen Personal 1 (representing apersonal environment 14).

Further, it is recognized that the manager 20,26,28 (e.g. theintermediate device manager 20) could be configured by instructionsstored on the memory 32 (see FIG. 12) to recognize and act on a firstgesture mechanism (e.g. finger swipe, device shake, air gesture, orother motion based input recognized by the user interface 104 and/orother sensors—for example imager/camera—present in the deviceinfrastructure 30) to switch from the presently displayed screen 105 a,bto a desired display screen 105 a,b by a number of screens 105 a,105 b(in the sequentially ordered display screens 105 a,105 b) matching (orotherwise associated with) the screen switch number associated with thenumber of performances/repetitions of the first gesture mechanism. It isrecognized that the first gesture mechanism is a motion based inputmechanism performed by the device user as an alternative to (i.e.instead of) pressing or otherwise selecting a physical or virtual buttondedicated to performing the configured task once pressed/selected.

The repetition number of the first gesture mechanism could be associatedwith the number of screens 105 a, b to switch by. For example, repeatingthe gesture mechanism (e.g. a finger swipe gesture, a device shake)performed by the user via the user interface 104 a user selected numberof times (e.g. two times) would instruct the manager 20, 26, 28 toswitch by the same number of screens 105 a, b (i.e. the manager 20, 26,28 would match the number of screens 105 a, b to switch by with thenumber of repetitions of the first gesture mechanism). Referring to FIG.11, for example if the user interface 104 is configured with the displayscreen “Work 2” and the user performs the first gesture mechanism of twoindividual finger swipes (e.g. repeats a finger swipe gesture twice)from right to left, the manager 20,26,28 would recognize by matching(e.g. equating or otherwise assigned) the number of performances of thefirst gesture mechanism with the specified number of screens 105 a,b theuser wishes to switch by, in this case two screens to the right (i.e.switching from Work 2, bypassing the display of any screens 105 a,bbetween the present screen Work 2 to end up on the selected screen“Personal 1”). In this case the user interface 104 would display screenWork 2 and then after the repeated first gesture mechanism (a firstfinger swipe followed by a second finger swipe) would display thedisplay screen Play 1, thereby bypassing the display of the intermediateenvironment (e.g. work/display) screen(s)—in this case the onlyintermediate display of display screen Work 1.

In the above case, the user is moving from the work group 12 a to thepersonal group 14 a, therefore display of the intermediate login screen105 c may not be (e.g. optional) displayed on the user interface 104between the display screen Work 2 and the display screen Personal 1, asuse of the intermediate login screen 105 c is optional (following path108) when going between any of the work screens 105 a to any of thepersonal screens 105 b. However, in the case where the user would bemoving from the personal group 14 a to the work group 12 a, thefollowing switch process could be followed. Referring to FIG. 11, forexample if the user interface 104 is configured with the display screen“Personal 2” and the user performs the first gesture mechanism of twoindividual finger swipes (e.g. repeats a finger swipe twice) from leftto right, the manager 20,26,28 would recognize by matching (e.g.equating) the number of performances of the first gesture mechanism withthe specified number of screens 105 a,b the user wishes to switch by, inthis case two screens to the left (i.e. switching from Personal 2,bypassing the display of any screens 105 a,b between the present screenPersonal 2 to end up on the selected screen “Work 1”). In this case theuser interface 104 would display screen Personal 2 and then after therepeated first gesture mechanism (finger swipe followed by a secondfinger swipe) would display first the intermediate login screen 105 cand recognize the required password entry before proceeding to instructthe user interface 104 to display the display screen Play 1, therebybypassing the display of the intermediate environment (e.g.work/display) screen(s)—in this case only the intermediate displayscreen Personal 1.

Further to the above, the first gesture mechanism could be a shake ofthe device 10, such that a sensor (e.g. accelerometer) of the deviceinfrastructure 30 (see FIG. 12) would be recognized by the manager 20,26, 28. For example, a repeated number of shakes would be interpreted bythe manager 20, 26, 28 as a specified number (e.g. two) of displayscreens 105 a, b to switch to. It is also recognized that the number ofrepetitions may be equal to the same number of screens to follow in theordered sequence of display screens 105 a, b. For example, a number ofrepetitions (e.g. two) could be matched with moving the same number(e.g. two) of screens 105 a,b over in the ordered sequence of displayscreens 105 a,b (e.g. from Personal 2 to Work 1). Alternatively, thenumber of repetitions may not be equal to the same number of screens tofollow in the ordered sequence of display screens 105 a, b. For example,a number of repetitions (e.g. one) could be matched with bypassing thenumber (e.g. one) of screens 105 a, b in the ordered sequence of displayscreens 105 a, b (e.g. similarly from Personal 2 to Work 1, as onescreen of Personal 1 is bypassed). Alternatively, the number ofrepetitions of the first gesture mechanism could be assigned to (asrecognized by the manager 20, 26, 28) a different number of bypassand/or switch screens. For example, one repetition could be assigned totwo switch screens (i.e. to bypass the display of the one intermediateenvironment screen 105 a, b).

Further, the first gesture mechanism could be associated with adirectional component. For example, performing the first gesturemechanism in a first predefined direction (e.g. finger swipe left toright, shake from up to down, shake from left to right) could cause theswitch of the display screens 105 a,b in a predefined direction (e.g.from right to left) in the ordered sequence of display screens 105 a,b.Changing the direction of the performance of the first gesture mechanismin a second predefined direction opposite to the first predefineddirection (e.g. finger swipe right to left, shake from down to up, shakefrom right to left) could cause the switch of the display screens 105a,b in a second predefined direction (e.g. from right to left) in theordered sequence of display screens 105 a,b opposite to the firstpredefined direction.

Further, it is recognized that the manager 20,26,28 (e.g. theintermediate device manager 20) could be configured by instructionsstored on the memory 32 (see FIG. 12) to recognize and act on a secondgesture mechanism (e.g. finger swipe, device shake, air gesture, orother motion based input recognized by the user interface 104 and/orother sensors—for example camera/imager—present in the deviceinfrastructure 30) to switch from the presently displayed screen 105 a,bto the previously displayed display screen 105 a,b in the sequentiallyordered display screens 105 a,105 b. It is recognized that the secondgesture mechanism can be a motion based input mechanism performed by thedevice user as an alternative to (i.e. instead of) pressing or otherwiseselecting a physical or virtual button dedicated to performing theconfigured task once pressed/selected. It is also recognized that thesecond gesture mechanism is a gesture mechanism different from the firstgesture mechanism and recognizable as such by the manager 20, 26, 28.For example, the first gesture mechanism can be a one-finger fingerswipe (or repeated series of one-finger finger swipes) and the secondgesture mechanism can be a finger swipe using a plurality (e.g. two) offingers simultaneously. As such, it is recognized by the manager20,26,28 that the second gesture mechanism is a simple display switchmechanism between the current display screen 105 a,b and a historically(e.g. immediately previous screen, two screens ago, three screens ago,etc.) displayed display screen 105 a,b. In the case where the userswitches between (e.g. returns from) a screen 105 b in the personalgroup 14 a to a screen 105 a in the work group 12 a, the intermediatelogin screen 105 c could be presented on the user interface 104 by themanager 20, 26, 28 in response to the second gesture mechanism andrequire a recognized password entry before displaying the historical(e.g. previous) display screen 105 a.

Alternatives to the second gesture mechanism are: a shake gesturewherein the first gesture mechanism is a finger-based gesture; afinger-based gesture wherein the first gesture mechanism is a shakegesture; a swipe based finger gesture wherein the first gesturemechanism is a tap based finger gesture; or a tap based finger gesturewherein the first gesture mechanism is a swipe based finger gesture. Inany event, it is intended that the first gesture mechanism and thesecond gesture mechanism are unique and distinct from one another, asrecognized by the manager 20, 26, 28, such that the first gesturemechanism is defined as a user selected number of repetitions associatedwith a respective predefined number of screens 105 a, b to bypass orotherwise switch. This is compared to the second gesture mechanismdefined as a switch mechanism between the currently displayed screen 105a,b and a previous (e.g. historical) screen 105 a,b, such that themanager 20,26,28 stores and keeps track of which screen 105 a,b wasconfigured on the user interface 104 prior (e.g. immediately) to thecurrently displayed display screen 105 a,b.

Example of Mobile Device 10

Referring to FIG. 12, a computing device 10 implementing functionalityof the multi-environment can include a network connection interface 99,such as a network interface card or a modem, coupled via connection to adevice infrastructure 30. The connection interface 99 is connectableduring operation of the devices to the network 27 (e.g. an intranetand/or an extranet such as the Internet), which enables networkeddevices to communicate with each other as appropriate. The network 27can support the communication of the applications 40, 60 provisioned inthe environments 12, 14, and the related content.

Referring again to FIG. 12, the device 10 can also have the userinterface 104, coupled to the device infrastructure 30, to interact witha user. The user interface 104 can include one or more user inputdevices such as but not limited to a QWERTY keyboard, a keypad, astylus, a mouse, a microphone and the user input/output device such asan LCD screen display and/or a speaker. If the screen is touchsensitive, then the display can also be used as the user input device ascontrolled by the device infrastructure 30.

Referring again to FIG. 12, operation of the device 10 is facilitated bythe device infrastructure 30. The device infrastructure 30 includes oneor more computer processors CPU and can include an associated memory 32.The computer processor CPU facilitates performance of the device 10configured for the intended task (e.g. of the respective module(s))through operation of the network interface 99, the user interface 104and other application programs/hardware 40, 60 of the device 10 byexecuting task related instructions. These task related instructions canbe provided by an operating system, and/or software applications locatedin the memory 32, and/or by operability that is configured into theelectronic/digital circuitry of the processor(s) CPU designed to performthe specific task(s). Further, it is recognized that the deviceinfrastructure 30 can include a computer readable storage medium coupledto the processor CPU for providing instructions to the processor CPUand/or to load/update the instructions (e.g. applications 40, 60). Thecomputer readable medium can include hardware and/or software such as,by way of example only, magnetic disks, magnetic tape, opticallyreadable medium such as CD/DVD ROMS, and memory cards. In each case, thecomputer readable medium may take the form of a small disk, floppydiskette, cassette, hard disk drive, solid-state memory card, or RAMprovided in the memory module. It should be noted that the above listedexample computer readable mediums can be used either alone or incombination.

Further, it is recognized that the computing device 10 can include theexecutable applications comprising code or machine readable instructionsfor implementing predetermined functions/operations including those ofan operating system and the modules, for example. The processor CPU asused herein is a configured device and/or set of machine-readableinstructions for performing operations as described by example above,including those operations as performed by any or all of the modules. Asused herein, the processor CPU may comprise any one or combination of,hardware, firmware, and/or software. The processor CPU acts uponinformation by manipulating, analyzing, modifying, converting ortransmitting information for use by an executable procedure or aninformation device, and/or by routing the information with respect to anoutput device. The processor CPU may use or comprise the capabilities ofa controller or microprocessor, for example. Accordingly, any of thefunctionality of the modules may be implemented in hardware, software ora combination of both. Accordingly, the use of a processor CPU as adevice and/or as a set of machine-readable instructions is referred togenerically as a processor/module for sake of simplicity.

Preferably, the communications network 27 comprises a wide area networksuch as the Internet, however the network 27 may also comprise one ormore local area networks 27, one or more wide area networks, or acombination thereof. Further, the network 27 need not be a land-basednetwork, but instead may comprise a wireless network and/or a hybrid ofa land-based network and a wireless network for enhanced communicationsflexibility. The communications network 27 is used to facilitate networkinteraction between the devices 10 and the servers 37. In terms ofcommunications on the network 27, these communications can be betweenthe computer devices (e.g. device 10 and device 37) consisting ofaddressable network packages following a network communication protocol(e.g. TCPIP), such that the communications can include compliancecharacteristic data communicated using appropriate predefined encryptionas used between the device infrastructure 30 and the secure enterprisemobile services gateway or server.

What is claimed is:
 1. A mobile device, comprising: a memory comprisingcomputer program code; a network interface; and a processor in datacommunication with the memory and the network interface, and configuredto execute the computer program code and cause the mobile device to:implement a mobile device operating system; implement a firstapplication in a first application environment of the mobile deviceoperating system, wherein the first application environment isconfigured to be selectively displayed via a mobile device graphicaluser interface, wherein the first application performs a functionalityin the first application environment; implement a second application ina second application environment of the mobile device operating system,wherein the second application environment is configured to beselectively displayed via the mobile device graphical user interface,wherein the second application performs the same functionality as thefirst application in the second application environment; receive, viathe network interface, data comprising content associated with the firstapplication while the second application environment is displayed on themobile device; determine that the second application performs the samefunctionality as the first application in the second applicationenvironment; in response to the determination, send notification dataregarding the received data associated with the first application to thesecond application in the second application environment, wherein thenotification data provides an indication that the data associated withthe first application has been received; and display the notificationdata in the second application environment.
 2. The mobile device ofclaim 1, wherein the notification data includes a date and time of thatthe data comprising content associated with the first application wasreceived.
 3. The mobile device of claim 1, wherein the first applicationand the second applications are email applications, and the datacomprising content associated with the first application is an email. 4.The mobile device of claim 1, wherein the first application environmentis a work environment and the second application environment is apersonal environment.
 5. The mobile device of claim 1, wherein theprocessor is further configured to cause the mobile device to: receive acommand to switch from the second application environment to the firstapplication environment; and receive a password for the firstapplication environment in order to enable the first applicationenvironment, wherein the password for the first application environmentis different from a password for the second application environment. 6.The mobile device of claim 5, wherein the processor is furtherconfigured to cause the mobile device to: display the content associatedwith the first application in the first application environment.
 7. Amethod, comprising: implementing a mobile device operating system;implementing a first application in a first application environment ofthe mobile device operating system, wherein the first applicationenvironment is configured to be selectively displayed via a mobiledevice graphical user interface, wherein the first application performsa functionality in the first application environment; implementing asecond application in a second application environment of the mobiledevice operating system, wherein the second application environment isconfigured to be selectively displayed via the mobile device graphicaluser interface, wherein the second application performs the samefunctionality as the first application in the second applicationenvironment; receiving, via the network interface, data comprisingcontent associated with the first application while the secondapplication environment is displayed on the mobile device; determiningthat the second application performs the same functionality as the firstapplication in the second application environment; in response to thedetermination, sending notification data regarding the received dataassociated with the first application to the second application in thesecond application environment, wherein the notification data providesan indication that the data associated with the first application hasbeen received; and displaying the notification data in the secondapplication environment.
 8. The method of claim 7, wherein thenotification data includes a date and time of that the data comprisingcontent associated with the first application was received.
 9. Themethod of claim 7, wherein the first application and the secondapplications are email applications, and the data comprising contentassociated with the first application is an email.
 10. The method ofclaim 7, wherein the first application environment is a work environmentand the second application environment is a personal environment. 11.The method of claim 7, further comprising: receiving a command to switchfrom the second application environment to the first applicationenvironment; and receiving a password for the first environment in orderto enable the first application environment, wherein the password forthe first environment is different from a password for the secondapplication environment.
 12. The method of claim 11, further comprising:displaying the content associated with the first application in thefirst application environment.
 13. A mobile device, comprising: a memorycomprising computer program code; a network interface; and a processorin data communication with the memory and the network interface, andconfigured to execute the computer program code and cause the mobiledevice to: implement a mobile device operating system; implement a firstapplication in a first application environment of the mobile deviceoperating system, wherein the first application environment isconfigured to be selectively displayed via a mobile device graphicaluser interface, wherein the first application performs a functionalityin the first application environment; implement a second application ina second application environment of the mobile device operating system,wherein the second application environment is configured to beselectively displayed via the mobile device graphical user interface,wherein the second application performs the same functionality as thefirst application in the second application environment; receive, viathe network interface, data comprising content associated with the firstapplication while the second application environment is displayed on themobile device; determine that the second application performs the samefunctionality as the first application in the second applicationenvironment; in response to the determination, send notification dataregarding the received data associated with the first application to anotification menu accessible in the second application environment,wherein the notification data provides an indication that the dataassociated with the first application has been received; and display thenotification data in the notification menu of the second applicationenvironment.
 14. The mobile device of claim 13, wherein the notificationdata includes a date and time of that the data comprising contentassociated with the first application was received.
 15. The mobiledevice of claim 13, wherein the first application and the secondapplications are email applications, and the data comprising contentassociated with the first application is an email.
 16. The mobile deviceof claim 15, wherein the notification data does not include at least aportion of a body of the received email.